mitgliederverwaltung

local-it/mitgliederverwaltung

Fork 0

Commit graph

Author	SHA1	Message	Date
Moritz	14fa873640	Restrict User.update_user to admin; allow :update for email only - Add ActorIsAdmin policy check (admin permission set only) - User: policy action(:update_user) forbid_unless + authorize_if ActorIsAdmin - User: primary :update action accept [:email] for non-admin profile edit	2026-01-30 11:13:23 +01:00

Author

SHA1

Message

Date

Moritz

14fa873640

Restrict User.update_user to admin; allow :update for email only

- Add ActorIsAdmin policy check (admin permission set only)
- User: policy action(:update_user) forbid_unless + authorize_if ActorIsAdmin
- User: primary :update action accept [:email] for non-admin profile edit

2026-01-30 11:13:23 +01:00

1 commit